Advisories » MGASA-2026-0089

Updated roundcubemail packages fix security vulnerability

Publication date: 07 Apr 2026
Modification date: 07 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-35545

Description

SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via
fill/filter/stroke
And some regressions from the last fix are fixed.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35302
• https://github.com/roundcube/roundcubemail/releases/tag/1.6.15
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545

SRPMS

9/core

• roundcubemail-1.6.15-1.mga9